How To Set Up an OpenVPN Tunnel Between Offices on MikroTik Routers


When we speak of MikroTik OpenVPN Server, we are probably referring to a secure and encrypted tunnel which goes across a public network, transporting IP traffic using PPP. OpenVPN Server uses SSL certificates. So, an OpenVPN tunnel is a trusted tunnel to send and receive data across a public network. MikroTik OpenVPN Server can be applied in two methods.



Connecting a remote workstation/client with OpenVPN: In this method, OpenVPN client software, installed on any operating system such as Windows, can communicate with the MikroTik OpenVPN server through an OpenVPN tunnel whenever required and can access the remote private network as if it were directly connected to the remote private network.



Site to Site OpenVPN: Here we will have to establish the VPN connection between two routers. In this method, an OpenVPN client supported router always establishes an OpenVPN tunnel with MikroTik OpenVPN Server. By doing this, the private networks of these routers will then be able to communicate with each other as though they were directly connected to the same router.



In this simple tutorial, we will be configuring an OpenVPN tunnel between two MikroTik RouterOS routers so that the local networks of these routers can communicate with each other as if they were directly connected to the same router. If this configuration is followed and properly done, you will end up setting up what I call an OpenVPN tunnel.
In this tutorial, we will be looking at the network diagram above.

You will notice that in the diagram above, Office1 Router is connected to the network through its ether1 interface with IP address 192.168.70.2/30. Office1 Router’s ether2 interface is connected to the local network having IP network 10.10.11.0/24. We are going to configure our OpenVPN Server in this router, and after OpenVPN configuration the router will create a virtual interface (OVPN Tunnel) across the public network whose IP address will be 172.22.22.1.

Office2 Router is a remote router and can access Office1 Router’s WAN IP. Office2 Router’s ether1 interface is connected to the network having IP address 192.168.40.2/30 and ether2 has a local IP network 10.10.12.0/24. We will configure the OpenVPN client in this router, and after OpenVPN client configuration the router will have a virtual interface (OVPN Tunnel) across the public network whose IP address will be 172.22.22.2.



To configure a site to site OpenVPN between two routers, I am using two MikroTik RouterOS v6.38.1. The IP information that I am using for this network configuration is given below.
Office 1 Router WAN IP: 192.168.70.2/30, LAN IP Block 10.10.11.0/24 and Tunnel interface IP 172.22.22.1/30
Office 2 Router WAN IP: 192.168.80.2/30, LAN IP Block 10.10.12.0/24 and Tunnel interface IP 172.22.22.2/30

Site to Site OpenVPN Configuration

Step 1: MikroTik RouterOS Basic Configuration

In MikroTik RouterOS basic configuration, we will assign WAN, LAN and DNS IP and perform NAT and Route configuration. The following steps will show how to do these topics in your RouterOS.
Log in to MikroTik RouterOS using Winbox and go to IP > Addresses. In Address List window, click on PLUS SIGN (+). In New Address window, put WAN IP address (192.168.70.2/30) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and click on Apply and OK button. Click on PLUS SIGN once more and put LAN IP (10.10.11.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and click on Apply and OK button.
Go to IP > DNS and put DNS servers IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Under General tab, choose srcnat from Chain dropdown menu and click on Action tab and then choose masquerade from Action dropdown menu. Click on Apply and OK button.
Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (192.168.70.1) in Gateway input field and click on Apply and OK button.



Step 2: Creating SSL certificate for OpenVPN Server
OpenVPN Server configuration requires an SSL certificate because OpenVPN uses SSL certificates for secure communication. MikroTik RouterOS version 6 gives the ability to create, store and manage certificates in the certificate store. So, we will create the required OpenVPN certificates from our RouterOS. OpenVPN Server requires the following certificates:
CA (Certification Authority) certificate and
Server certificate.

Creating CA certificate
The following steps will show how to create a CA certificate in MikroTik RouterOS.
Go to System > Certificates menu item from Winbox and click on Certificates tab and then click on PLUS SIGN (+). New Certificate window will appear.
Put your CA certificate name (for example: ca) in Name input field. Also put a certificate common name (for example: ca) in Common Name input field.
You will find some optional fields in General tab. You can fill them in if you wish. All fields are self-defined.
Click on Key Usage tab and uncheck all checkboxes except crl sign and key cert. sign.
Click on Apply button and then click on Sign button. Sign window will appear now.
Your newly created certificate template will appear in Certificate dropdown menu. Select your newly created certificate template if it is not selected.
Put MikroTik Router’s WAN IP address (192.168.70.2) in CA CRL Host input field.
Click on Sign button. Your signed certificate will be created within a few seconds.
Click on OK button to close New Certificate window.
If the newly created CA certificate does not show the T flag or the Trusted property shows no value, double click on your CA certificate and click on Trusted checkbox located at the bottom of General tab and then click on Apply and OK button.

Creating Server Certificate



The following steps will show how to create a server certificate in MikroTik RouterOS.
Click on PLUS SIGN (+) again. New Certificate window will appear.
Put your server certificate name (for example: server) in Name input field. Also put a certificate common name (for example: server) in Common Name input field.
If you have put any optional field for the CA certificate, put them here also.
Click on Key Usage tab and uncheck all checkboxes.
Click on Apply button and then click on Sign button. Sign window will appear now.
Your newly created server certificate template will appear in Certificate dropdown menu. Select your newly created certificate template if it is not selected.
Also select CA certificate from CA dropdown menu.
Click on Sign button. Your signed certificate will be created within a few seconds.
Click on OK button to close New Certificate window.
If the newly created server certificate does not show the T flag or the Trusted property shows no value, double click on your server certificate and click on Trusted checkbox located at the bottom of General tab and then click on Apply and OK button.

Server certificate has been created successfully. Now we will enable and configure OpenVPN Server in MikroTik RouterOS.

Step 3: OpenVPN Server Configuration in MikroTik Router
After creating the SSL certificate, we are now eligible to enable OpenVPN Server in MikroTik Router. The following steps will show how to enable OpenVPN Server in your MikroTik Router with proper configuration.
Click on PPP menu item from Winbox and then click on Secrets tab.
Click on PLUS SIGN (+). New PPP Secret window will appear.
Put username (for example: sayeed) in Name input field and password in Password input field. This username and password will be required at the time of OpenVPN client configuration.
Choose ovpn from Service dropdown menu.
Put Office 1 Router’s virtual interface IP (172.22.22.1) in Local Address input field and put Office 2 Router’s virtual interface IP (172.22.22.2) in Remote Address input field.
Put static routes to reach Office2 Router’s local network in Routes input field. This route will be added in Office1 Router’s routing table when the OpenVPN user is connected from Office2 Router. The route format is: dst-address gateway metric (example for this configuration: 10.10.12.0/24 172.22.22.2 1). Several routes may be specified, separated with commas.
Click on Apply and OK button.

The PPP user who will be connected from the remote client machine has been created. Whenever your created user is connected from the OpenVPN client router (Office2 Router), the Remote Address IP will be assigned to its virtual interface and the routes will be created in Office1 Router’s routing table so that Office1 Router’s local network can reach the remote router’s (Office2 Router) local network.
Office1 Router configuration for OpenVPN Server has been completed.



Office2 Router Configuration for OpenVPN Client


According to our network diagram, Office2 Router is working as an OpenVPN client router. So, we will configure the OpenVPN client in Office2 Router. Complete RouterOS configuration can be divided into three steps.

Basic RouterOS Configuration

OpenVPN client configuration

Static route configuration


Step 1: Basic RouterOS Configuration

Basic RouterOS configuration includes assigning WAN, LAN and DNS IP as well as NAT and Route configuration. The following steps will guide you through basic RouterOS configuration.
Log in to Office2 RouterOS using Winbox and go to IP > Addresses. In Address List window, click on PLUS SIGN (+). In New Address window, put WAN IP address (192.168.80.2/30) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and click on Apply and OK button. Click on PLUS SIGN once more and put LAN IP (10.10.12.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and click on Apply and OK button.
Go to IP > DNS and put DNS servers IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Under General tab, choose srcnat from Chain dropdown menu and click on Action tab and then choose masquerade from Action dropdown menu. Click on Apply and OK button.
Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (192.168.80.1) in Gateway input field and click on Apply and OK button.

Basic RouterOS configuration in Office2 Router has been completed. Now it is time to create the OpenVPN client in our MikroTik Router.

Step 2: OpenVPN Client Configuration
After completing RouterOS basic configuration, we will now configure the OpenVPN client in Office2 Router. The following steps will show you how to create an OVPN client in your MikroTik Router.
Click on Interfaces menu item from Winbox and then click on Interface tab. Click on PLUS SIGN (+) dropdown menu and then choose OVPN Client option. New Interface window will appear.
Click on General tab and put OpenVPN interface name (openvpn-server) in Name input field.
Click on Dial Out tab and put Office1 Router’s WAN IP (192.168.70.2) in Connect To input field. This IP must be reachable from Office2 Router.
Put the username (sayeed) and password that you have provided in Office1 Router’s PPP user configuration in User and Password input fields respectively.
From dropdown menu, choose sha1 encryption method.
From Cipher dropdown menu, choose aes 256.
Click on Apply and OK button.

As soon as you provide the above information, an OVPN tunnel will be created between Office1 and Office2 Router, and the provided local and remote IP addresses will be assigned to Office1 and Office2 Router’s virtual interfaces respectively. At this stage, Office1 Router as well as its local network will be able to reach Office2 Router and its local network, but Office2 Router and its local network will only be able to reach Office1 Router, not its local network. To reach Office1 Router’s local network, a static route must be added in Office2 Router’s routing table.

Step 3: Static Route Configuration
After configuring the OVPN client in Office2 Router, Office 2 Router can only access Office 1 Router but not its local network. To solve this issue, a route is required in Office2 Router’s routing table. The following steps will show how to add a route in Office2 Router’s routing table statically.
Go to IP > Routes and then click on PLUS SIGN (+). In New Route window, provide Office1 Router’s local network (10.10.11.0/24), which you want to reach, in Dst. Address input field.
Click on Gateway input field and then choose the OpenVPN client interface (openvpn-server) that you created during OVPN client configuration from Gateway dropdown menu.
Click on Apply and OK button.

Now Office 2 Router and its local network will be able to access Office 1 Router’s local network. Office1 Router and Office2 Router configuration for establishing an OVPN tunnel between them has been completed. Now both routers’ local networks are eligible to access each other.
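
The PPP secret's Routes field on Office1 and the static route on Office2 must mirror each other, and a typo in either one silently sends traffic to the wrong place. The following Python check is an added example, not part of the original tutorial: it parses the "dst-address gateway metric" format and validates both directions of the plan. The function names and dictionary keys are hypothetical; the addresses are the ones used on this page.

```python
import ipaddress as ip

def parse_ppp_routes(field):
    """Parse a PPP secret Routes value: 'dst-address gateway metric', comma separated."""
    routes = []
    for entry in field.split(","):
        parts = entry.split()
        if len(parts) != 3:
            raise ValueError(f"expected 'dst-address gateway metric', got {entry!r}")
        # strict=True rejects a host address such as 10.10.12.1/24 used as a network
        routes.append((ip.ip_network(parts[0], strict=True),
                       ip.ip_address(parts[1]), int(parts[2])))
    return routes

def check_plan(plan):
    """Return a list of problems in a site-to-site plan (empty list means consistent)."""
    problems = []
    tunnel = ip.ip_network(plan["tunnel_net"])
    local, remote = ip.ip_address(plan["local_address"]), ip.ip_address(plan["remote_address"])
    server_lan, client_lan = ip.ip_network(plan["server_lan"]), ip.ip_network(plan["client_lan"])
    usable = set(tunnel.hosts())
    if local == remote or local not in usable or remote not in usable:
        problems.append("tunnel endpoints must be two distinct hosts of the tunnel network")
    if server_lan.overlaps(client_lan):
        problems.append("office LANs overlap, so routing between them is ambiguous")
    routes = parse_ppp_routes(plan["ppp_routes"])
    for dst, gw, _metric in routes:
        if gw != remote:
            problems.append(f"route {dst} uses gateway {gw}, not the Remote Address {remote}")
        if dst.overlaps(server_lan):
            problems.append(f"route {dst} overlaps the server's own LAN {server_lan}")
    if not any(client_lan.subnet_of(dst) for dst, _gw, _m in routes):
        problems.append(f"no PPP route covers the client LAN {client_lan}")
    if not server_lan.subnet_of(ip.ip_network(plan["client_route_dst"])):
        problems.append(f"client static route does not cover the server LAN {server_lan}")
    return problems

# Values taken from this tutorial; the /30 tunnel network is derived from 172.22.22.1/30.
# The dictionary keys are hypothetical names chosen for this example.
PAGE_PLAN = {
    "tunnel_net": "172.22.22.0/30",
    "local_address": "172.22.22.1",
    "remote_address": "172.22.22.2",
    "server_lan": "10.10.11.0/24",
    "client_lan": "10.10.12.0/24",
    "ppp_routes": "10.10.12.0/24 172.22.22.2 1",
    "client_route_dst": "10.10.11.0/24",
}

if __name__ == "__main__":
    print(check_plan(PAGE_PLAN) or "plan is consistent")
```
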
To check your configuration, send a ping request from any local network machine to another local network machine. If everything is OK, your ping request will succeed. MikroTik VPN configuration with Site to Site OpenVPN service has been explained in this article. I hope you will be able to configure your Site to Site VPN with MikroTik OpenVPN service if you follow the above explanation carefully. However, if you face any confusion in doing the above steps properly, feel free to discuss in the comments or contact me from the Contact page. I will try my best to stay with you.
